According to recent reports, Google Play has been caught hosting a malicious app that aims to steal cryptocurrency from its end users. The tech giant has previously reported on similar activity and protected many users. The report states that the company is alleged to be hosting an app designed to steal cryptocurrency from innocent users. The malicious activity on Google Play was reported by researchers on 8th February.
It has come to light that the app is presented as a legitimate cryptocurrency application. In fact, the app is capable of replacing crypto wallet addresses copied to the Android clipboard with addresses belonging to the attackers, as stated by an Eset researcher in a blog post. In short, the app fools users by faking a wallet. As a result, users who want to move their digital assets to a wallet end up transferring the money to the attacker's wallet.
Clipper malware, as it is notoriously called, has already affected a number of Windows users since its first discovery in 2017. In 2018, Satori, a botnet, was updated with a similar purpose. The updated version of Satori would infect coin-mining systems with malware that replaced the wallet of the end users with that of the hackers. In August 2018, the first incident of Android-based clipper malware was reported; it was being distributed through a third-party app.
The latest Android-based clipper malware is being promoted under the MetaMask name. MetaMask itself is a service designed to enable browsers to run apps that work with the digital coin Ethereum. The prime purpose of the malicious Android app is to steal the credentials needed to access and manage the Ethereum funds of its end users. The app is also designed to replace Bitcoin as well as Ethereum wallet addresses copied to the Android clipboard with that of the hacker.
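The clipboard swap described above leaves a recognisable trace: a wallet address is copied, and moments later a different address of the same currency is written by another app. The following sketch is an added example, not code from Eset or MetaMask, and it assumes a hypothetical log of clipboard writes (for instance from an instrumented analysis device); all package names and addresses are constructed.

```python
import re

# Address shapes for the two currencies the article names.
PATTERNS = {
    "ETH": re.compile(r"0x[0-9a-fA-F]{40}"),
    "BTC": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71}"),
}

def classify(text):
    """Return 'ETH' or 'BTC' if text is exactly one wallet address, else None."""
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(text.strip()):
            return kind
    return None

def find_swaps(events, window=5.0):
    """Flag a copied address overwritten soon after by a different writer.

    events: time-ordered (timestamp_seconds, writer, clipboard_text) tuples.
    This record format is hypothetical, e.g. from an instrumented test device.
    """
    findings, prev = [], None
    for ts, writer, text in events:
        kind, text = classify(text), text.strip()
        if kind is None:
            prev = None  # ordinary text breaks the address-to-address chain
            continue
        if (prev and kind == prev[0] and text != prev[3]
                and writer != prev[2] and ts - prev[1] <= window):
            findings.append({"kind": kind, "copied": prev[3],
                             "replaced_with": text, "by": writer})
        prev = (kind, ts, writer, text)
    return findings

# Constructed sample data: package names and addresses are made up.
SAMPLE_EVENTS = [
    (10.0, "com.example.browser", "0x" + "a1" * 20),
    (10.4, "com.example.fakewallet", "0x" + "b2" * 20),   # swapped within 0.4 s
    (30.0, "com.example.notes", "meeting at 10"),
    (60.0, "com.example.browser", "1" + "C" * 30),
    (200.0, "com.example.browser", "bc1q" + "x" * 38),    # same writer, later
]

if __name__ == "__main__":
    for hit in find_swaps(SAMPLE_EVENTS):
        print(hit)
```

Because the replacement is itself a well-formed address, format or checksum validation alone does not catch the swap; the signal is the change of value and writer within a short window.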
Talking about the malicious app, Eset malware researcher Lukas Stefanko stated that it targets innocent users who want to use a mobile version of MetaMask, the prime function of which is to run Ethereum decentralized apps in a browser without the need to operate an entire Ethereum node. However, the service does not currently offer a mobile app, only add-ons for desktop browsers such as Firefox and Google Chrome.
A number of malicious apps have been alleged to be operational on Google Play under the MetaMask name. However, most of these apps were alleged only to have the purpose of phishing for sensitive information about the user's crypto funds.
The alleged app was spotted by Eset soon after its launch on the Google Play platform on 1st February. Since then, Google has removed the app following a legal takedown request by MetaMask, as reported by a MetaMask official. The official also said that the company is currently working towards an official MetaMask mobile app, which would be announced on the company's blog.